K.Mandla's blog of Linux experiences

Reset a password in Ubuntu

It’s hard to believe, but even in the short time since my friend picked up a new computer, there’s already been a password problem. Apparently it was a new password, misspelled slightly for added “security,” and then promptly forgotten. After several failed login attempts as the primary user, I got a text message pleading for help.

In Ubuntu, if you can believe this, it’s quite easy to change or “reset” the password for an account, so long as you have physical access to the machine. In total this should take you about 10 seconds to finish, give or take for the actual speed of the machine.

First restart, and then watch closely as the computer starts up again. After the BIOS screen disappears (the screen that usually shows the manufacturer’s logo, or information about the hardware), hold down the Shift key (if you’re using a version earlier than Karmic, you will probably have to press Esc repeatedly).

If all goes well, you should be at a Grub boot menu. From the list you see, pick any option that ends with the “recovery mode” option, and press return.

In Karmic and perhaps in some earlier versions, you may get a gray, blue and red menu that describes several different options; the final option — “Drop to the root shell prompt” — is good enough. Some of the earlier versions of Ubuntu went straight to the prompt.

Then you should see the command-line cursor, with root as your user name. Next type

passwd enter_username_here

and press return. You’ll need to enter the new password twice for confirmation, and then you can restart the machine.

reboot

You can logout of the root account if you like, and go back to the gray-blue-red menu, but it’s just as easy and useful to reboot from that point.

And the new password should work fine. From within Gnome there are ways for a person to adjust their password by themselves, so I gave my friend “password” as the reset one, and at some point it can be changed to something else. Crisis averted. 😀

I’m not 100 percent sure. Seems to me if someone has access to your computer, and they can access recovery mode, then they can change your password and access your account. Encryption might not stop them if they can sign on as you.

Access to the user account and access to the encrypted home are two different things. Changing the user password does not change the password to access the encrypted home. The two accesses are not directly related.

Even if I can’t answer your questions directly, as I don’t use Ubuntu, here are some things you might want to know about. They are old hats already and might *partially* not be relevant anymore, though:

I trust the people who have physical access to my machine anyway… basically my wife and cat.

The biggest threats are online ones, not in-person ones. People used to make fun of those who write passwords on Post-it notes right on the computer, but it’s probably safer to do that with a complex password than not write down a password at all and have it be a simple one someone can remotely log in with.

Makes sense. I’ve always told customers their machines are not safe if they’re not physically secure – with any OS, if the data’s not encrypted, you can just pop the drive into another machine and sudo your way to any data. Heck, MacOSX just ignores permissions on external drives by default.

If you have physical access yet can still gain access to a machine that is security at it’s worst. Add that to another reason I would never use Ubuntu. In an effort to make life easier for the casual user they have sacrificed security. IMO Ubu is the MS of the Linux world and we are all worse off for it.

Steve, could you explain in more detail why ubuntu is so insecure? If you’re going to tell us about the usual sudo complaints, then don’t bother. In fact, for a desktop or laptop computer using sudo is not bad at all. OTOH, if you consider using sudo in a server that’s another story, easily changeable by any sysadmin. For the rest, I believe Ubuntu services are as secure as any other distros’.